commit | c0d16f17ae3077c0575d7e4bd580342a20c36c2d | [log] [tgz] |
---|---|---|
author | Zvonimir Pavlinovic <zpavlinovic@google.com> | Wed Dec 08 18:00:30 2021 -0800 |
committer | Zvonimir Pavlinovic <zpavlinovic@google.com> | Tue Dec 14 19:10:49 2021 +0000 |
tree | 586155aecff4eefbbc1acd4f1392e4f90d444941 | |
parent | 79cd87713b62269ec5e9fe6724554261383cae86 [diff] |
vulncheck: fix support for packages whose every symbol is vulnerable Some vulnerabilities have an empty slice for the osv.Entry Symbols field, meaning every symbol is vulnerable. This CL adds support for such vulnerabilities by doing the following, when an import of the corresponding packages is seen, we list every top-level method and function of that package and add it as a Vuln in vulncheck.Result. Change-Id: I0edac51f7e3923ecfd3f203db80e6f7d22272dd2 Reviewed-on: https://go-review.googlesource.com/c/exp/+/371254 Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com> Reviewed-by: Jonathan Amsterdam <jba@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Trust: Zvonimir Pavlinovic <zpavlinovic@google.com>
This subrepository holds experimental and deprecated (in the old
directory) packages.
The idea for this subrepository originated as the pkg/exp
directory of the main repository, but its presence there made it unavailable to users of the binary downloads of the Go installation. The subrepository has therefore been created to make it possible to go get
these packages.
Warning: Packages here are experimental and unreliable. Some may one day be promoted to the main repository or other subrepository, or they may be modified arbitrarily or even disappear altogether.
In short, code in this subrepository is not subject to the Go 1 compatibility promise. (No subrepo is, but the promise is even more likely to be violated by go.exp than the others.)
Caveat emptor.